Static task
static1
Behavioral task
behavioral1
Sample
df0e6ccea46918c22cddbb6c9a85ec94a2c505a360d247a8437744c6499b87a1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
df0e6ccea46918c22cddbb6c9a85ec94a2c505a360d247a8437744c6499b87a1.exe
Resource
win10v2004-20220812-en
General
-
Target
df0e6ccea46918c22cddbb6c9a85ec94a2c505a360d247a8437744c6499b87a1
-
Size
244KB
-
MD5
8273f6a93f8740f6b0d09dc0a6740c51
-
SHA1
3e9825f912936be334c31432b82a422ff0300f70
-
SHA256
df0e6ccea46918c22cddbb6c9a85ec94a2c505a360d247a8437744c6499b87a1
-
SHA512
6e2354baf106fa84e85f650d9f8fee5c3db407d9c2994ce9b0e067825ce72d939d3c5a9ccaecf06a0126b35d3e7419fd3b6453f901ab47eee5edef5770265824
-
SSDEEP
6144:NWt4p6mxn6xeKG8do3c9/Y0Oq+L31gkSM4svmpmL:QmxhKvf+z12MlB
Malware Config
Signatures
Files
-
df0e6ccea46918c22cddbb6c9a85ec94a2c505a360d247a8437744c6499b87a1.exe windows x86
be203055a0a8d8cbbaadf1b3c21b0891
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wldap32
ldap_bindW
ldap_get_next_page
ldap_search_abandon_page
ldap_count_entries
ldap_control_freeA
ldap_modify_ext_s
ldap_delete_sA
ldap_add_s
ldap_search_sA
ldap_create_vlv_controlW
ldap_count_values
ldap_start_tls_sW
ldap_free_controls
ldap_sasl_bindA
ldap_conn_from_msg
ldap_modifyW
ldap_count_references
ldap_modrdn_s
ldap_bind_sW
ldap_explode_dnA
ldap_compareW
msvcrt
_outpd
asin
_adj_fdiv_m64
_wspawnve
_abnormal_termination
??0__non_rtti_object@@QAE@ABV0@@Z
_unloaddll
_wgetdcwd
_wcreat
__p__amblksiz
strlen
_yn
_mbctokata
_ctime64
_putws
_popen
tan
_safe_fdiv
_open_osfhandle
_getpid
_CIpow
_write
__badioinfo
??_7bad_typeid@@6B@
_spawnv
_CIfmod
_wcstoi64
__pxcptinfoptrs
_wfreopen
_inpw
_snwprintf
_wspawnlpe
fgetws
__p___wargv
_y0
ungetc
ispunct
difftime
_locking
_atodbl
_wfindfirst
_snwscanf
_execle
_wspawnvp
ferror
_getdrives
??_Eexception@@UAEPAXI@Z
log
_wcsset
_ungetch
_wspawnlp
_Getdays
_lock
_CIsin
_mbscat
wcsxfrm
_wexecvp
_wcsnset
fmod
_access
towupper
_wcsnicoll
___mb_cur_max_func
wcscmp
_gmtime64
strtol
_setmode
_setmaxstdio
_wgetcwd
_rmdir
_wunlink
untfs
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
??0NTFS_EXTENT_LIST@@QAE@XZ
??1NTFS_MFT_FILE@@UAE@XZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?QueryAttributeByOrdinal@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKK@Z
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
??0NTFS_BOOT_FILE@@QAE@XZ
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
Chkdsk
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
??1NTFS_LOG_FILE@@UAE@XZ
??0NTFS_UPCASE_FILE@@QAE@XZ
??1NTFS_BITMAP_FILE@@UAE@XZ
Extend
??1NTFS_FRS_STRUCTURE@@UAE@XZ
??0NTFS_LOG_FILE@@QAE@XZ
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
w32topl
ToplVertexGetParent
ToplGraphInit
ToplScheduleIsEqual
ToplVertexSetId
ToplListNumberOfElements
ToplListAddElem
ToplScheduleDuration
ToplGraphNumberOfVertices
ToplScheduleMerge
ToplIterFree
ToplSTHeapInit
ToplVertexFree
ToplListCreate
ToplVertexCreate
ToplEdgeGetFromVertex
ToplGraphRemoveVertex
ToplHeapInsert
ToplGraphFree
ToplEdgeDestroy
ToplIterCreate
ToplGraphDestroy
ToplIterAdvance
ToplSetAllocator
ToplIterGetObject
ToplEdgeSetFromVertex
kernel32
InitializeCriticalSection
ReadConsoleInputExW
SetConsoleOS2OemFormat
LZRead
SetLastConsoleEventActive
ReadConsoleOutputCharacterA
GlobalAlloc
MapViewOfFile
GetCurrentDirectoryW
ActivateActCtx
LoadLibraryA
GetUserDefaultLangID
GetModuleHandleA
VirtualAlloc
EnumDateFormatsA
PeekNamedPipe
GetConsoleInputWaitHandle
LZSeek
AddConsoleAliasA
AllocateUserPhysicalPages
_hread
SetDefaultCommConfigA
FindFirstFileA
GlobalFindAtomA
HeapCreate
GetConsoleOutputCP
VirtualFreeEx
mtxclu
MtxCluIsClusterPresentExW
MtxCluGetComputerNameW
MtxCluGetDTCStatusW
MtxCluIsSameNodeW
MtxCluTakeOfflineDTCW
MtxCluGetSecurityRegValue
MtxCluIsSameClusterW
MtxCluIsNetworkNameInLocalClusterW
MtxCluBringOnlineDTCW
Startup
MtxCluGetDTCVirtualServerNameW
MtxCluSetSecurityRegValue
MtxCluIsClusterPresent
shell32
SHGetMalloc
user32
EndDialog
MessageBoxA
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 193KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 596KB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ